TOB meeting tomorrow (3/3/2016)

[gossm...@gmail.com]

We are scheduled for a call at 9am tomorrow. Who all is available? Do we have quorum?

I assume the agenda is to talk about Brandon's proposal, in which case I'll be trying to facilitate the conversation so that Brandon can champion his position.

Is there anything else we should cover?

[gossm...@gmail.com]

Okay...today is 3/3/2016. Meeting is 3/4 at 9am PST

[Chris Aniszczyk]

Agenda is here: https://docs.google.com/presentation/d/1sHnTyM5S9IGt4jmdlI2D6dzl_8EBSIaRD0oNvmu7ILQ/edit?usp=sharing

I suggest adding the topic of updating the charter to deal with project structure.

--
You received this message because you are subscribed to the Google Groups "Technical Oversight Board" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tob+uns...@opencontainers.org.

--

Chris Aniszczyk (@cra) | +1-512-961-6719

[Vincent Batts]

On 03/03/16 09:19 -0800, gossm...@gmail.com wrote:
>We are scheduled for a call at 9am tomorrow. Who all is available? Do we
>have quorum?

I will be unable to attend.

[Greg KH]

A conflift for me just came up and I will be unable to attend as well,
sorry about this.

greg k-h

[Brandon Philips]

Everyone-

Summary about accepting this proposal so far from the mailing list:

Agree (5): Greg KH, Vincent Batts, Jason Bouzane, Brandon Philips, Pavel Emelyanov

Questions (1): Diogo Monica

Disagree (0):

Currently we haven't heard from the entire TOB about whether they agree, disagree, or have questions with the proposal. Missing folks: Michael Crosby, Chris Wright, and John Gossman. If you haven't replied please reply tonight or tomorrow with one of: Agree, Disagree, or a list of discussion questions for the call.

The goal of the meeting tomorrow is to make progress on the new image format project proposal discussion. And, I want to start with a rough idea of who needs to learn what tomorrow.

Thank You,

Brandon

[Michael Crosby]

Disagree 

--

Michael Crosby

@crosbymichael

[Diogo Mónica]

I also disagree with the proposal as stated (as I said on my original email).

Diogo Mónica

[gossm...@gmail.com]

There seem to be 5 elements to this proposal:

• Image that is content addressable

I agree we should do this

• Security that is based on signing image content address

I'd like to hear a little more detail about this. Why is this not just a simple content hash?

• Naming that is federated based on DNS (enables ec2 cr, gcr, quay.io, localhost registry, etc) and can be delegated

This seems to be the crux of the debates and I think is what we should discuss

• Distribution that is based on HTTPS and enables other protocols (e.g. dockyard bittorrent p2p)

This seems like it is out of scope, but I'm willing to be convinced.

The fifth element is whether this is a new Project, TDC, new maintainers etc. That seems like it should wait until we scope the work.

[gossm...@gmail.com]

Just for reference, where is the OCI Scope Table? I have an old copy in e-mail, but I can't find it and the doc here, doesn't link to it https://www.opencontainers.org/governance

On Thursday, 3 March 2016 09:19:26 UTC-8, gossm...@gmail.com wrote:

[Diogo Mónica]

Maybe the representatives of the linux foundation know why it isn't a link?

--
You received this message because you are subscribed to the Google Groups "Technical Oversight Board" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tob+uns...@opencontainers.org.

--

Diogo Mónica

[Chris Wright]

* Diogo Mónica (diogo....@docker.com) wrote:
> Maybe the representatives of the linux foundation know why it isn't a link?

I pinged Mike Dolan who assisted with much of the governance work and
asked, he is looking into this. I'm sure it's just an oversight. I was
one of the people that expressed concerns with the scope document as it
was, and we agreed to get it online and consider it a _live_ document.
Meaning subject to change.

thanks,
-chris

[Michael Dolan]

I’m still hunting down why we lost it on the website / or will recreate it, but the PDF attached has what you’re looking for in the meantime.

[vbatts]

On Friday, March 4, 2016 at 11:24:51 AM UTC-5, gossm...@gmail.com wrote:

There seem to be 5 elements to this proposal:

• Image that is content addressable

I agree we should do this

• Security that is based on signing image content address

I'd like to hear a little more detail about this. Why is this not just a simple content hash?

A cryptographic identity attesting to the validity of the simple content hash. Regardless of a detached signature or a framework with more moving pieces. 

Nothing new, though perhaps this bullet could be more clear.

• Naming that is federated based on DNS (enables ec2 cr, gcr, quay.io, localhost registry, etc) and can be delegated

This seems to be the crux of the debates and I think is what we should discuss

 Again, nothing that is new to folks. If you package and publish content, regardless where that content is hosted, or stored, it ought to be derivable the identity of the publisher of the package (and ideally the owner of the content). Just because the content is then hosted on a new server or is mirrored, does not change the publisher or content owner's identity and attestation.

• Distribution that is based on HTTPS and enables other protocols (e.g. dockyard bittorrent p2p)

This seems like it is out of scope, but I'm willing to be convinced.

Perhaps the word "based" lends to think that any further protocols would be a derivative of an HTTPS base.

Starting with HTTPS is a lowest common denominator and is not broken to the point of avoiding. I am excited to see further protocols adopted to being wide spread, but should we avoid HTTPS?

vb